function global:Add-SPWebApplication-Policy
{
    Param($UserNTid,$Url,$Permission,[switch]$Overwrite) 
    #Add SharePoint Snap-in
    if((Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue) -eq $null)
    {
        Add-PSSnapin Microsoft.SharePoint.PowerShell;
        Write-Host "SharePoint PowerShell Snap-In added";
    }
    $WebApp = Get-SPWebApplication $Url
    #Make sure the web application object is found
    if($WebApp -ne $null)
    { 
        $policy = $WebApp.Policies.Add($UserNTid, $UserNTid)
        $PolicyRoleType = $null
        switch -wildcard ($Permission)
        {
            "*Control*"
            {$PolicyRoleType = [Microsoft.SharePoint.Administration.SPPolicyRoleType]::FullControl}
            "*Read*"
            {$PolicyRoleType = [Microsoft.SharePoint.Administration.SPPolicyRoleType]::FullRead}
            "*Write*"
            {$PolicyRoleType = [Microsoft.SharePoint.Administration.SPPolicyRoleType]::DenyWrite}
            "*All*"
            {$PolicyRoleType = [Microsoft.SharePoint.Administration.SPPolicyRoleType]::DenyAll}
            default
            {
                $Host.UI.WriteErrorLine("Please specify a valid value for -Permission.")
                $Host.UI.WriteErrorLine("Use one of the following:")
                $Host.UI.WriteErrorLine("Full Control or Control, Full Read or Read, Deny Write or Write, Deny All or All")
                Return
            }
        }
        if($Overwrite)
        {
            $policy.PolicyRoleBindings.RemoveAll()
        }
        $policy.PolicyRoleBindings.Add($WebApp.PolicyRoles.GetSpecialRole($PolicyRoleType)) 
        $WebApp.Update() 
    } 
}

#Add-SPWebApplication-Policy -userNTid domain\userNTid -URl http://SharePointServer -Permission "control" -Overwrite